Following the purchase of cybersecurity specialist AlchemyCore last year, Chimera Integrations is now moving headlong into reselling cybersecurity services to its brethren in the physical security integration channel.
Developing a robust cybersecurity program for Chimera while also serving as a cybersecurity reseller to other integrators is aimed at addressing critical vulnerabilities in the industry while aligning with evolving market trends. Consider the inherent risks faced by integrators due to their extensive access to client networks, as Chimera’s Justin Stearns, a co-founder and vice president, explained to SDM, highlighting the dual rationale behind the acquisition.
“Firstly, integrators are in a fairly unique position. While there are plenty of trades that have their hands in their customers’ networks, integrators are focused on physical security, which makes us a bigger target and a bigger threat to our clients,” he explained. “Prior to the acquisition, we found very few cybersecurity solutions that went beyond the cookie cutter while filling our industry’s niche needs.”
The Syracuse, N.Y.-based integrator was also constantly seeing major gaps between physical security and cybersecurity. Stearns emphasized the disconnect between how organizations manage their physical security and their cybersecurity, often with little communication between the two departments.
“It’s time these two worlds come together to offer a holistic solution that stops the pendulation between cybersecurity and physical security,” he said.
Stearns expresses concerns about the future of security integration as an industry. “An increasing amount of high-level systems are becoming plug and play and offer easy installation for the end user without the use of an integrator,” he noted. “MSPs now more than ever are offering surveillance and access control, utilizing solutions like Meraki and Verkada. We used to just compete against other integrators. Now we find we’re losing opportunities to MSPs and other low voltage trades more and more.”
From the onset of folding in AlchemyCore, Chimera leadership has proceeded methodically in building out a cyber offering as well as devising a go-to-market strategy. Late last year, the company identified a select group of key clients the new offering appeared most logical for initial outreach. The first integration was with an existing client, a regional federal credit union, that was utilizing DMP for security intrusion and access control, and Eagle Eye Networks’ cloud-managed video recorder with onsite storage, cloud backup, and the free integration of DMP and Eagle Eye.
As Steans explained, federally insured credit unions must abide by a plethora of cyber-related regulations including PCI compliance, FFIEC, AML, GLBA, state-level requirements, and the National Credit Union Administration (NCUA). The regulatory mandates involve penetration testing, endpoint detection and response (EDR), mandatory reporting, and — what stood out to Chimera the most — requirements around the supervision of technology service providers.
Related: Confronting Cybersecurity Challenges Head-On
“That’s a big deal. The credit union we were working with was using Dahua cameras prior to Chimera’s involvement, which were banned by the FCC in early 2023,” Stearns said. “As a practice we were already planning on replacing the system with one that was NDAA compliant as well as SOC2 certified. With the new understanding of Chimera’s liability as a vendor for the credit union and the new offering we could approach the organization with, utilizing AlchemyCore and Chimera Integrations was a solution that made sense for everyone. Not to mention that from a business perspective we just increased our RMR by $859 per month without interrupting our day to day operations.”
A second opportunity for Chimera resulted from a hospital network following recent changes in New York State law around cybersecurity. With the roll out of the SHIELD Act and the NYDFS Cybersecurity Regulation, hospitals among other industries, have a new level of cybersecurity regulations they need to follow. This particular end customer is large enough to staff a full time IT department; however, it did not have a chief information security officer or a cybersecurity engineer on staff.
“In this instance the conversation started when it was brought to our attention that there was a disconnect between physical security being managed by facilities and cybersecurity being managed by their IT department without synergy and without direction from any form of a security director,” Stearns explained. “Here we were able to offer a vCISO service (Virtual Chief Information Security Officer), Security Engineer as a Service (SeaS), penetration testing as well as NIST auditing and gap analysis. The benefit to the hospital was a fortified security posture, massive cost savings through staff augmentation with the vCISO and SeaS services, and the benefit to Chimera was a stronger relationship with the customer, higher margins, and a $10,000 per month increase in RMR.”
The cyber expertise behind AlchemyCore includes Chris Maulding, a security engineer who continues to serve as chief technology officer. Maulding, who pens SDM’s new “Cybersecurity Chronicles” column, works with security integrators to assist them in the role of subject matter expert on cybersecurity matters with their end customers.
In the following Q&A, Stearns goes on to explain more about Chimera’s reseller program, market opportunities and more.
Can you explain the reseller business model you are bringing to market?
Our model is simple: protect and enable security integrators to uphold their significance in the realm of global security. Our approach starts with a mandatory certification of the integrator’s cybersecurity posture. We have a security and vulnerability assessment process that the integrator first goes through. This is designed to first and foremost ensure that they are protecting their customers and their own organization from vulnerabilities caused by any cyber shortcomings. During this assessment, if we find that there are any gaps in their security, we will work with the integrator to get their organization up to par. This process also serves as the educational portion of their onboarding process. After going through the assessment we then help the integrator implement cybersecurity policies and run table top exercises with their team.
Once the integrator is secure and knowledgeable they can begin educating their customers in a much more elevated way. Our resale program for integrators was designed to be simple and profitable. Our services offering is a 100-percent staff augmentation approach for the integrator so they can increase their revenue without hiring more staff or buying any products.
There are two avenues in which integrators can generate revenue with AlchemyCore: Either through our referral partner program or by becoming a certified Cyber Integrator. Either way, integrators have an easy way to offer a higher level of service, with the option to easily incorporate a value-added service at the bottom of every proposal they send out. Cybersecurity services for the end user can cost anywhere from $200 per month to $100,000 per year. It’s easy RMR for integrators and a better solution for the end user.
Are there specific industries or types of end customers you would expect are low-hanging fruit for other integrators to leverage the services of AlchemyCore?
Cybersecurity services are highly sought after in industry’s that deal with sensitive data, face strict regulatory compliance requirements or are highly attractive targets for cyber threats.
Financial services and banking. This sector deals with highly sensitive financial information and is subject to strict regulatory compliance requirements (like GLBA, PCI-DSS).
Healthcare. With the need to protect patient information under regulations like HIPAA in the U.S.
Government and public sector. Government agencies handle sensitive public data and national security information, making them prime targets for cyberattacks. This doesn’t have to mean the department of defense. County and city municipalities have a huge need for these services.
Retail and e-commerce: These sectors need to protect customer data and transaction information, adhering to PCI-DSS standards.
Manufacturing and industrial. As the industry increasingly adopts IoT and connected technologies, it becomes more vulnerable to cyber threats.
Education. Schools and universities hold a wealth of personal data about students and staff.
Energy and utilities. Critical infrastructure sectors are attractive targets for cyberattacks aiming to disrupt services.
Technology and IT. Companies in the tech sector, including startups, often handle vast amounts of data and intellectual property.
Legal and consulting services. These firms handle sensitive client information and require robust data protection measures.
Telecommunications. With the critical role of communications infrastructure, telecom companies need to ensure the integrity and availability of their services.
What impact do you foresee this acquisition having on your company’s overall growth and market positioning?
Combining cybersecurity with physical security has reinforced Chimera’s success and growth strategy for the future. We have deeper and more meaningful relationships with our customers. Instead of just siting our vendors cybersecurity standards we can back them. Chimera is in a much safer position against lawsuits or our own cybersecurity attacks and we’ve increased our bottom line without increasing our expenses.
Is there anything else you’d like to share about this acquisition and its significance for your company and the broader industry?
Our core belief at Chimera is that, ‘Greatness can only be achieved when the heads of many perform as a body of one.’ We strive to find solutions that traditionally haven't been considered to solve real life problems that our communities face. The name AlchemyCore is just the next evolution of that core value. At its core, Alchemy serves to purify, mature and perfect certain objects. It aims to transform base metals into noble ones or to create an elixir of immortality. AlchemyCore and Chimera aim to future proof our communities and to transform our threats into our greatest assets.